Microsoft visual C++ run time error


  • This topic is locked

#31
wassupsergio

    Member

  • Topic Starter
  • 30 posts
yes I did.
  • 0

#32
wassupsergio

    Member

  • Topic Starter
  • 30 posts
Logfile of HijackThis v1.99.1
Scan saved at 8:40:04 PM, on 4/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\SOINTGR.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dkdc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\LiveChatNow! Enterprise Edition\LiveChatNow.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcfcorp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcfcorp.com/
O1 - Hosts: 170.149.191.196 CTIPrimary
O1 - Hosts: 170.149.191.197 CTISecondary
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINNT\SOINTGR.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.pcfcorp.com/
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {BE21E3AA-5EC1-413A-B7D2-58FCF75F1EFB} (MSSR210Ctrl Class) - http://pcf-op-file-0...der/MSSR210.OCX
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pcf.nytimes.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C862CDC-F9AB-43A2-B138-C4CE5499C1B6}: Domain = pcf.nytimes.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pcf.nytimes.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pcf.nytimes.com
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)

this is a new one I just got today.
  • 0

#33
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Sorry I overlooked your post,
Please post a fresh FindQoologic log please
  • 0

#34
wassupsergio

    Member

  • Topic Starter
  • 30 posts
»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* urllogic C:\WINNT\AOAVK.DLL
* qoologic C:\WINNT\AOAVK.DLL
* qoologic C:\WINNT\UNADBEH.EXE

* ad-beh C:\WINNT\System32\NKNQA.DLL
* ad-beh C:\WINNT\System32\PIPBGES.DLL
* ad-beh C:\WINNT\System32\CNCQOXD.EXE
* ad-beh C:\WINNT\System32\RPRLNA.EXE
* ad-beh C:\WINNT\System32\RPRLNA~1.EXE
* ad-beh C:\WINNT\System32\QAQYV.DAT
* ad-beh C:\WINNT\System32\WMCONFIG.CPL
* ad-beh C:\WINNT\UNADBEH.EXE
»»»»»»»»»»»»»»»»»»»»»»»» startup files»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* exe C:\docume~1\alluse~1\startm~1\programs\startup\DKDC.EXE

»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»

(fstarts by IMM - test ver. 0.001) NOT using address check -- 0x77f85ba9

Global Startup:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
.
..
dkdc.exe

User Startup:
C:\Documents and Settings\lopezs\Start Menu\Programs\Startup
.
..

»»»»»»»»»»»»»»»»»»»»»»»» Registry Entries Found »»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»»» Active setup »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

"Find activesetup", version1, launched at: 22:05
Operating System: Windows 2000


HKLM\Software\Microsoft\Active Setup\Installed Components\
">{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default)" = "Microsoft Windows Media Player"
\StubPath = "C:\WINNT\inf\unregmp2.exe /ShowWMP" [MS]
">{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default)" = "Outlook Express Access"
\StubPath = ""C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE" [MS]
  • 0

#35
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
We probably have to run through this a few times. A couple of the files have been killed, but we need to double-check for the removal of them each time, so we will run through it again, please.

OK, please print out these instructions or save to notebook so you have them available.



1. Please download the Killbox.
2. Unzip it to the desktop but do NOT run it yet.
3. Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
4. Once in Safe Mode, please run Killbox.
5. Click "Replace on Reboot" and check the "Use Dummy" box.
6. Paste the following into the top "Full Path of File to Delete" box.
  • C:\WINDOWS\System32\ rprlna.exe
7. Click the red-and-white "Delete File".
8. Click "Yes" at the Replace on Reboot prompt.
9. Click "No" at the Pending Operations prompt.
10. Repeat steps 5-9 above for these files:
  • C:\WINNT\AOAVK.DLL
  • C:\WINNT\AOAVK.DLL
  • C:\WINNT\UNADBEH.EXE
  • C:\WINNT\System32\NKNQA.DLL
  • C:\WINNT\System32\PIPBGES.DLL
  • C:\WINNT\System32\CNCQOXD.EXE
  • C:\WINNT\System32\RPRLNA.EXE
  • C:\WINNT\System32\QAQYV.DAT
  • C:\WINNT\System32\WMCONFIG.CPL
  • C:\WINNT\UNADBEH.EXE
  • C:\WINNT\system32\cncqoxd.exe
11. Click "Replace on Reboot" and check the "Use Dummy" box.
12. Paste the following file into the top " C:\docume~1\alluse~1\startm~1\programs\startup\DKDC.EXE " box.
  • Click the red-and-white "Delete File" button.
  • Click "Yes" at the Replace on Reboot prompt.
  • Click "Yes" at the Pending Operations prompt to restart your computer. You do not need to reboot into Safe Mode this time.
  • When your computer reboots, please run Find-Qoologic2.bat again and post the new log here.

  • 0
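
A reconciliation check for the procedure in post #35, as an added example that is not part of the original thread: it compares the paths flagged in the FindQoologic log (post #34) with the paths given for Killbox, both copied into the script as constructed inputs, and reports entries that appear on only one side. The function names are illustrative.

```python
import ntpath
# Constructed inputs: paths copied from the FindQoologic log and the Killbox list in this thread.
SCAN_LOG = r"""
* urllogic C:\WINNT\AOAVK.DLL
* qoologic C:\WINNT\AOAVK.DLL
* qoologic C:\WINNT\UNADBEH.EXE
* ad-beh C:\WINNT\System32\NKNQA.DLL
* ad-beh C:\WINNT\System32\PIPBGES.DLL
* ad-beh C:\WINNT\System32\CNCQOXD.EXE
* ad-beh C:\WINNT\System32\RPRLNA.EXE
* ad-beh C:\WINNT\System32\RPRLNA~1.EXE
* ad-beh C:\WINNT\System32\QAQYV.DAT
* ad-beh C:\WINNT\System32\WMCONFIG.CPL
* ad-beh C:\WINNT\UNADBEH.EXE
* exe C:\docume~1\alluse~1\startm~1\programs\startup\DKDC.EXE
"""
KILL_LIST = r"""
C:\WINDOWS\System32\ rprlna.exe
C:\WINNT\AOAVK.DLL
C:\WINNT\UNADBEH.EXE
C:\WINNT\System32\NKNQA.DLL
C:\WINNT\System32\PIPBGES.DLL
C:\WINNT\System32\CNCQOXD.EXE
C:\WINNT\System32\RPRLNA.EXE
C:\WINNT\System32\QAQYV.DAT
C:\WINNT\System32\WMCONFIG.CPL
C:\WINNT\system32\cncqoxd.exe
C:\docume~1\alluse~1\startm~1\programs\startup\DKDC.EXE
"""

def norm(path):
    """Trim each component and case-fold; Windows paths compare case-insensitively."""
    parts = [p.strip() for p in path.strip().split("\\")]
    return ntpath.normpath("\\".join(parts)).lower()

def flagged(log):
    """Map each flagged path to the set of detection labels reported for it."""
    found = {}
    for line in log.splitlines():
        if line.startswith("* "):
            _, label, path = line.split(None, 2)  # maxsplit keeps spaces inside paths
            found.setdefault(norm(path), set()).add(label)
    return found

def coverage(log, kill_list):
    """Return (flagged paths missing from the list, list entries the scan never flagged)."""
    scan = set(flagged(log))
    targets = {norm(line) for line in kill_list.splitlines() if line.strip()}
    return sorted(scan - targets), sorted(targets - scan)
```

On this thread's data, `coverage(SCAN_LOG, KILL_LIST)` reports `RPRLNA~1.EXE` (an 8.3 short name; the log does not show the long name it maps to) as flagged but not listed, and the `C:\WINDOWS\System32\` entry as matching nothing in a log whose system directory is `C:\WINNT`.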

#36
wassupsergio

    Member

  • Topic Starter
  • 30 posts
Hi, I managed to get it fixed. I get the error no more and no more pop-ups. rprlna.exe is still running, but I don't give it much issue as everything is running fine like before. Thank you for your help. If you ever need webspace for your site or anything, let me know. I do run a company; least I could do for your help.
  • 0

#37
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
If you wish, but we were getting close on it,

Your decision,

Don
  • 0

#38
wassupsergio

    Member

  • Topic Starter
  • 30 posts
Yeah, it's okay; since it's my work computer I don't care. If it was my house I might :tazz: Thanks a lot.
  • 0

#39
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
OK fair enough, LOL
Get the boss to buy you a new one :tazz:
  • 0

#40
wassupsergio

    Member

  • Topic Starter
  • 30 posts
Yeah, easy as that. Well, IT would fix it, or just give me another one.
  • 0

#41
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
wassupsergio, well I guess good luck to you, wish we could have finished it off for you,

I will close the topic,

Good luck to you,

Thanks
Don
  • 0





